Privacy Notice for iPeTek App
Last updated date: April 2026
The Sinocare Inc. (“we”, “our”, “us”or“the company”) operates the iPeTek App (“iPeTek ”). This Privacy Notice demonstrates how we collect, use, and share your personal data when you use iPeTek. We take the protection of your privacy and personal data very seriously. We process your personal data strictly in compliance with this Privacy Notice( “Notice”), and with the EU General Data Protection Regulation 2016/679 (“GDPR”).
Please read this Notice carefully to get a clear understanding of our processing of your personal data. If you have any questions, you can contact us through the contact details listed in this Notice.
This Notice will help you understand the following:
• Identity and the contact details of the Controller
Sinocare Inc.
Changsha Sinocare Inc. 265 Guyuan Road, Hi-Tech Zone, Changsha, 410205, Hunan Province, P.R. China
• Identity and the contact details of the EU Representative
OBELIS S.A.
Bd. Général Wahis, 53
1030 Brussels, Belgium
+32.2.732.59.54
• Identity and the contact details of the Data Protection Officer (DPO)
DPO: Uilliam WU
Email:dataprivacy.global@sinocare.com
When you download and use the iPeTek, we collect and process certain technical data that is mandatory and necessary for the functioning of the iPeTek, including:
• Technical Data: IP address, operating system and its current version, date and time of access.
2.2 Account Data and Basic Pet Data: Registration and Login
To use the iPeTek App, you need to register a user account. You can choose to create an account with your phone number or email address, or you can choose to register with a third-party platform account, such as Apple, Google account. As the iPeTek is used to monitor your pet’s glucose condition, we also collect basic data about your pet. During the registration process, data we collect includes:
• Account Data: your country/region, the phone number/email address, username, and password you provide. Or third-party account identifier, email address, username and profile picture (if available) we received from third-party platform under your authorization.
• Basic Pet Data: the type of your pet (dog/cat), the pet’s name, and health condition.
2.3 CGM Device Data and BGM Device Data: Device Binding
To connect and read data collected from the Continuous Glucose Monitor (“CGM”) or Blood Glucose Meter (“BGM”), you need to bind the CGM/BGM device to your account. In the process of the binding, you need to grant the camera permission to scan the QR code on the device and grant the Bluetooth permission for the connect. When you complete the binding, we collect the following device data:
• CGM Device Data: the CGM’s SN, the sensor remaining life, and the version number.
• BGM Device Data: the BGM’s SN.
2.4 Pet’s Glucose and Blood Glucose Data: Glucose and Blood Glucose Monitoring
When you use the CGM to monitor your pet’s real-time glucose data, or use the BGM to test your pet’s blood glucose readings, we collect the following glucose data:
• Pet’sGlucose Data: real-time glucose data, historical trends, data timestamps from CGM.
• Pet’s Blood Glucose Data: blood glucose reading from BGM.
2.5 Alert Setting Data: Glucose Alert Settings and Notifications
When you use the CGM to monitor your pet’s real-time glucose data, iPeTek allows you to set preferred high and low glucose thresholds for reminder purposes. If your pet’s glucose value exceeds the high threshold or falls below the low threshold you have set, iPeTek will generate an alert and send you a notification. In this process, we collet the following data:
• Alert Setting Data: alert setting values, notification methods (sound/vibration).
2.6 Event Data: Behavior and Event Recording
To help you create a detailed health diary for your pet, you can use the behavior and event recording function of the iPeTek. You can voluntarily record various health and lifestyle events, including blood glucose reading, diet, exercise, medication, Insulin injection, and other events. If you wish to upload diet photos, you need to grant the camera or the photo library permission. When you record the events, we collect the following data (collectively, the “Event Data”):
• Pet’s Blood Glucose Data: blood glucose reading, monitoring time, monitoring period, remarks (optional).
• Pet’s Diet Data: dining date, dining time, carbs, remarks (optional), and photo (optional).
• Pet’s Exercise Data: start date, start time, exercise type, exercise time, remarks (optional).
• Pet’s Medication Data: medication date, medication time, remarks (optional).
• Pet’s Insulin Data: injection date, injection time, injection type, injection dosage, remarks (optional).
2.7 Pet’s Glucose Analytics Data: Dashboard and Monitoring Reports
To help you review and understand your pet’s glucose status and trends, the iPeTek provides data dashboard and analysis reports. In this process, we collect the following data:
• Pet’s Glucose Analytics Data: the percentages of time in range, time above range, and time below range, average, maximum, and minimum glucose values, glucose management indicator (GMI), and coefficient of variation (CV).
2.8 Customer Service Data: Customer Services
You may encounter issues or need assistance when you use our CGM, BGM products for pets or the iPeTek App. In such scenario, you may contact us through our customer service channels, such as in-app support features, customer support tickets, email, or other communication methods we make available from time to time. In this process, based on your circumstances, we may collect the following data:
• Customer Service Data: your country or region, name, email address, contact phone number, device’s SN, issue, fault occurrence time, detail description.
We process the Technical Data to provide you with the iPeTek App. The legal basis for processing the Technical Data is the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract (Art. 6(1)(b) of the GDPR).
3.2 Account Data and Basic Pet Data
We process the Account Data and Basic Pet Data to create your account, and enable you to use the iPeTek App. The legal basis for processing the Account Data and Basic Pet Data is the necessity to fulfill or initiate a contractual relationship between you and us and toperformobligations under the contract(Art. 6(1)(b) of the GDPR).
3.3 CGM Device Data and BGM Device Data
We process the CGM Device Data and BGM Device Data to enable you to connect the device to your account and to activate the device. The legal basis for processing the Device data is the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract (Art. 6(1)(b) of the GDPR).
3.4 Pet’s Glucose and Blood Glucose Data
We process the pet’s Glucose and Blood Glucose Data for you to monitor your pet’s glucose and blood glucose status. The legal basis for processing the pet’s Glucose and Blood Glucose Data is your consent (Art. 6(1)(a) of the GDPR).
3.5 Alert Setting Data
We process the Alert Setting Data to send notification to you if your pet’s glucose value is abnormal and needs attention. The legal basis for processing the Alert Setting Data is your consent (Art. 6(1)(a) of the GDPR).
3.6 Event Data
We process the Event Data for you to record your pet’s health event and keep the health diary. The legal basis for processing the Event Data is your consent (Art. 6(1)(a) of the GDPR).
3.7 Pet’s Glucose Analytics Data
We process the Pet’s Glucose Analytics Data to show the pet’s glucose trend and analysis. The legal basis for processing the Pet’s Glucose Analytics Data is your consent (Art. 6(1)(a) of the GDPR).
3.8 Selected Veterinarian Data
We process the Selected Veterinarian Data to enable you to share data with your veterinary professionals. The legal basis for processing the Selected Veterinarian Data is your consent (Art. 6(1)(a) of the GDPR).
3.9 Customer Service Data
We process the Customer Service Data to respond to your questions and service requests, to analyze and resolve technical or service-related issues, to improve and develop our products and services, and to comply with applicable laws, regulations, or regulatory requirements. The legal basis for processing the Customer Service Data include the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract (Art. 6(1)(b) of the GDPR), the necessity for us to comply with a legal obligation (Art. 6(1)(c) GDPR), the pursue of our legitimate interests (Art. 6(1)(f) GDPR), and your consent (Art. 6(1)(a) of the GDPR).
In addition to the cases explicitly mentioned in this Notice, your personal data will only be transferred with your express prior consent or if this is permitted and required by law. We may transfer your personal data to the following categories of recipients.
4.1 Our Affiliates
We may transfer your personal data to our affiliates for internal administrative purposes, such as joint customer services and customer support, the development, improvement, maintenance, and security of our products and services, and for compliance with applicable laws, regulations, or regulatory requirements. Our affiliates take organizational and technical measures to safeguard your personal data and never use your personal data in contraction to this Notice. The legal basis for transfer data to our affiliates include the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract (Art. 6(1)(b) of the GDPR), the necessity for us to comply with a legal obligation (Art. 6(1)(c) GDPR), the pursue our legitimate interests, such as ensuring efficient group operations, service quality, security (Art. 6(1)(f) GDPR), and your consent (Art. 6(1)(a) of the GDPR).
4.2 Our Business Partners
We employ business partners to perform functions on our behalf. Examples include the Cloud service provider, SMS service provider, the Customer service provider, and the SDK providers (including Push notification, App analytics and crash monitoring, Third-party login, Cloud storage, and QR code/barcode scanning SDKs). If we use such external service providers, we have carefully selected them beforehand as processors and verify their reliability in accordance with Art. 28(1) of the GDPR and contractually obligate them within the scope of Art. 28(3) of the GDPR to process all personal data provided by us exclusively in accordance with our instructions. These business partners may have access to personal data needed to perform their functions but may not use it for other purposes. The legal basis for transfer data to our business partners include the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract (Art. 6(1)(b) of the GDPR), the pursue of our legitimate interests, such as such as ensuring the functionality, security of our product and service (Art. 6(1)(f) GDPR), and your consent (Art. 6(1)(a) of the GDPR).
4.3 Public Authorities
We may transfer personal data if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal data in the following scenario:
• In response to a law enforcement or public agency’s request.
• If we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of end users.
• To protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers.
• Enable us to take precautions against liability.
The legal basis for transfer data to public authorities is the necessity for us to comply with a legal obligation (Art. 6(1)(c) of the GDPR) or the necessity for the purposes of the legitimate interests pursued by us (Art. 6(1)(f) of the GDPR).
You acknowledge and agree that we may access and process personal data on a global basis as necessary to provide the products and service. In particular, personal data may be transferred to and processed by us in Chinese Mainland, Singapore, and other jurisdictions where our affiliates and business partners have operations.
We implement appropriate safeguards to ensure an adequate level of protection for such transfers, including the signing of Standard Contractual Clauses (SCCs) and the conduct of Transfer Impact Assessments (TIAs). In particular, unless an adequacy decision of the European Commission applies, we rely on the Standard Contractual Clauses approved by the European Commission pursuant to Art. 46(2)(c) of the GDPR when entering into contracts with our service providers (and, where applicable, with relevant recipients), and we may implement additional supplementary measures where necessary.
Please note that as far as there is no adequacy decision of the European Commission for these countries, despite careful selection and commitment of our service providers, these may be subject to compulsory laws in their respective country of establishment requiring them to grant access to data on request of governmental authorities which may not provide for legal boundaries comparable to the European Union.
Please be aware that the data protection laws in other countries may differ from, and in some cases, be less protective than, the laws in your region. In certain circumstances, governmental authorities in those countries may have the right to access your data, and you may have limited legal options to be informed about or challenge such access.
With the iPeTek App, we offer you the voluntary option to upload your data to a cloud server in Germany, which is operated by one of our partners on our behalf. Otherwise, the data collected will remain stored locally and in a secure environment on your device.
6.2 Retention Period
We delete or anonymize your personal data as soon as it is no longer necessary for the purposes we have collected and processed it as stated in this Notice and the time limit required by laws and regulations. In general, we store your personal data for the duration of the contractual relationship regarding the iPeTek App. The data may remain stored beyond this period if this is provided for due to legal requirements to which we are subject, for example in respect of legal retention or documentation obligations. In such an event, we delete your personal data once the requirements cease to apply.
If you have uploaded your personal data to our cloud server, we will store your data for a period of twelve months from the last use of your account and delete or anonymize them thereafter. Should you withdraw your consent in accordance with the “Your Rights Regarding Personal Data” section below, the respective data will be deleted by us.
Our products and services are not directed to children under the age of 16 or minors as defined by applicable local laws. We do not intend to collect personal data from children. If we become aware that personal data of a child has been collected, we will take reasonable steps to delete such information without due delay. Parents or guardians who believe that their child has provided us with personal data may contact us, and we will promptly delete the information upon verification.
For data loss prevention and protection against unauthorized access to your personal data, we use various encryption methods, encryption standards and security means.
Account Data, Basic Pet Data, Pet’s Glucose and Blood Glucose Data stored locally on your device is encrypted using CBC encryption, while the user account password is MD5 encrypted. The data transmitted from the transmitter to the iPeTek App adopts the Bluetooth standard protocol for encryption. Should you choose our cloud service and decide to upload your data to our cloud server, this data is transmitted to the cloud server using HTTPS encryption. The data stored on our cloud server is encrypted using Advanced Encryption Standard (AES).
For the prevention of data loss of data stored on our cloud server, we perform daily incremental backups and monthly full backups for the sole purpose of providing you with backups of your data in the event of accidental data loss.
You have the following rights under the GDPR:
9.1 Right of access: you have the right to obtain from the us confirmation as to whether or not your personal data are being processed; you can also request a copy of your personal data that are undergoing processing.
9.2 Right to rectification: you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data.
9.3 Right to erasure (“right to be forgotten”): you have the right to obtain from us the erasure of personal data if the following circumstances occur:
• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• When you withdraw consent on which the processing is based, and there is no other legal ground for the processing.
• When you object to the processing, and there are no overriding legitimate grounds for the processing.
• The personal data have been unlawfully processed.
• The personal data have to be erased for compliance with a legal obligation in union or member state law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services for children under the age of 16 or minors as defined by applicable local laws.
9.4 Right to restriction of processing: you have the right to obtain from us the restriction of processing where one of the following applies:
• The accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and requests the restriction of their use instead.
• We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
• You have objected to processing, pending the verification whether the legitimate grounds of us override those of yours.
9.5 Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller provided that (a) the processing is based on consent or on the performance of contract; and (b) the processing is carried out by automated means.
9.6 Right to object: you have the right to object to data processing based on specific reasons, including: (a) processing based on legitimate interests; (b) processing based on public interest or official authority; (c) when personal data is used for direct marketing, you can object at any time; (d) for scientific, historical research, or statistical purposes, unless it involves public interest.
9.7 Right not to be subject to automated decision-making (including profiling): you have the right not to be subject to decisions based solely on automated processing, especially when the decision has legal consequences or significantly affects the data subject.
9.8 Right to complaint: If you are of the opinion that our processing of your personal data by us is not in compliance with this Notice or the applicable data protection regulations, you have the right to make a complaint to a regulatory authority.
We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests), or within the time limit prescribed by applicable law.
We may update this Notice from time to time in response to changing legal, technical or business developments. The current version can be viewed under the menu “About” in the App. When we update this Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws.